Hi all,
So, my computers have been a lil whacky for about a month. Not just my PCs but my internet connection too. Bit of background I work in infosec, on the defensive side of things, as a 1st/2nd line SOC Analyst. I do a lil bit of engineering too.
So, it all seemed to start about a month ago. I’m chatting with someone on reddit. We’re vibing getting along, but somewhere down the line he all but confesses to me that he’s full on black hat. I was new to reddit, had made an ‘anonymous’ account (yeah righttt), but I shit myself. At this point we had exchanged lengthy conversation and images of various things. Nothing sexual if that’s what you may think, reddit is as funny old place, just cool stuff. We had also moved the convo over to discord. It’s dawning on me that my opsec had been absolutely pants, and that I had given this person more than enough to go on to begin to piece the puzzle of who I am together, not least of which my IP address, and exact geo location and mobile models and possibly PC models and OS’s in the EXIF data for the images and stuff I’ve sent. It’s also dawned on me that he could have sent malicious files, that I’ve opened naively.
Then it dawned on me that a couple hours or so into our conversation my internet connection had started playing up. Like it was being seriously overworked, busy. This had then been a consistent nuisance the whole time.
It’s also dawned on me that my ‘anonymous’ profiles are not as anonymous as I would have liked, and that there are links between those and my legitimate accounts, here and there.
Both my laptop and my desktop, running Mint, have slowly but surely deteriorated over this time. They crash and they crash more often, and are often otherwise very sluggish and slow. Checking the system monitor doesn’t show anything untoward, very low level usage of some modest resources. I know that many malicious programs can hide their use of resources, though. My laptop is BURNING through the battery when it’s on, and also itself. It gets unbelievably hot.
Internet connection has been very poor and patchy. I have a half gig fibre connection and it is usually very reliable. I can tell when it’s being hammered, because the percentage connection strength will drop significantly. It has been almost consistently lower than it should have been, and very low at times. It’s only me in the house at the moment, and I’m rarely streaming things. Just on reddit and also various other curiosity quenching ventures.
To begin with my web browsers (alternate etween firefox and brave) were remembering things they shouldn’t be. History and authentication info and the likes. Then, as is the case now, they’re gone amnesic.They don’t seem to be remembering anything.
[EDIT: Also, firefox warned me that an admins made changes to it’s settings, a policy called ‘DisableAppUpdate and the value was true. Looking online ppl are saying oh no worries your organisation will have don it for you! My machines are not managed by an organisaiton, as far as I’m aware. However is it the case that ‘root’ could be the admin/organisation in a similar scenario?
My instagram account has been locked up and won’t allow any real actions to be taken. It just sayd: ‘Try again later. Whe restrict certain activity to protect our community.’ Which is kinda weird, since I rarely use it. I’m thinking maybe someone has tried brute forcing it and ended up locking it up.
I’ve done some basic checks on the machines to see who is logged on and what processes are running etc but not found anything concerning. Done some virus scans with CLamAV and such but again, nothing untoward.
I could just be being totally paranoid but I’m going to wipe evrything and reainstall clean images anwyay.
If you have any thougts on this I’ve love to hear them!
Amd let me know you need any logs and such to assist.
Many thanks in advance, Comparison Own3335
submitted by /u/ComparisonOwn3335
[link] [comments]